Beispiel #1
    def delete_macaroon(self):
        """Delete the API token named in the submitted form, then redirect.

        When the form validates, the token's description is read before the
        token is deleted (it is needed for the flash message afterwards) and
        a success message is queued. Nothing is flashed when validation
        fails. Either way the response is a See Other redirect to the
        Referer, or to the "manage.account" route when ``is_safe_url``
        rejects the Referer for this host.
        """
        # NOTE(review): every POST key is forwarded as a keyword argument, so
        # the client decides which constructor parameters get set; a posted
        # "macaroon_service" key would collide with the explicit keyword
        # below. Passing only the expected fields by name would be tighter.
        delete_form = DeleteMacaroonForm(
            **self.request.POST, macaroon_service=self.macaroon_service
        )

        # NOTE(review): nothing in this method checks that the token belongs
        # to the requesting user, re-confirms the password, or records an
        # audit event -- confirm the form's validators / callers cover that.
        if delete_form.validate():
            token_id = delete_form.macaroon_id.data
            # Grab the description first; the record is gone after the delete.
            token_description = self.macaroon_service.find_macaroon(
                token_id
            ).description
            self.macaroon_service.delete_macaroon(token_id)
            self.request.session.flash(
                f"Deleted API token '{token_description}'.", queue="success"
            )

        # The Referer header is client-supplied: follow it only when
        # is_safe_url accepts it for this host, otherwise use a fixed route
        # so the redirect cannot be pointed at an arbitrary site.
        target = self.request.referer
        if is_safe_url(target, host=self.request.host):
            return HTTPSeeOther(target)
        return HTTPSeeOther(self.request.route_path("manage.account"))
Beispiel #2
    def delete_macaroon(self):
        """Delete an API token after password confirmation, then redirect.

        The form is built from the posted ``confirm_password`` and
        ``macaroon_id`` plus the current user's username. On successful
        validation the token is looked up, deleted, an
        "account:api_token:removed" event is recorded for the user, and a
        "project:api_token:removed" event is recorded on each of the user's
        projects named in the token's project permissions. On failure an
        "Invalid credentials" message is flashed. Either way the response is
        a See Other redirect to the Referer, or to "manage.account" when
        ``is_safe_url`` rejects the Referer for this host.
        """
        request = self.request
        posted = request.POST
        # NOTE(review): both fields are indexed directly, so a request that
        # omits either one raises KeyError here instead of reaching the
        # "Invalid credentials" branch -- confirm that is handled upstream.
        form = DeleteMacaroonForm(
            password=posted["confirm_password"],
            macaroon_id=posted["macaroon_id"],
            macaroon_service=self.macaroon_service,
            username=request.user.username,
            user_service=self.user_service,
        )

        # NOTE(review): the form receives the username and password, but
        # whether it also checks that macaroon_id belongs to this user is not
        # visible here -- verify against DeleteMacaroonForm.
        if not form.validate():
            request.session.flash("Invalid credentials. Try again",
                                  queue="error")
        else:
            token_id = form.macaroon_id.data
            # Fetch before deleting: description and caveats are still needed
            # for the audit events and the flash message below.
            macaroon = self.macaroon_service.find_macaroon(token_id)
            self.macaroon_service.delete_macaroon(token_id)

            # Account-level audit trail entry for the removal.
            self.user_service.record_event(
                request.user.id,
                tag="account:api_token:removed",
                ip_address=request.remote_addr,
                additional={"macaroon_id": token_id},
            )

            permissions = macaroon.caveats["permissions"]
            if "projects" in permissions:
                # Only the user's own projects that the token was scoped to
                # get a project-level event.
                affected = [
                    candidate
                    for candidate in request.user.projects
                    if candidate.normalized_name in permissions["projects"]
                ]
                for affected_project in affected:
                    affected_project.record_event(
                        tag="project:api_token:removed",
                        ip_address=request.remote_addr,
                        additional={
                            "description": macaroon.description,
                            "user": request.user.username,
                        },
                    )

            request.session.flash(
                f"Deleted API token '{macaroon.description}'.",
                queue="success",
            )

        # The Referer header is client-supplied: follow it only when
        # is_safe_url accepts it for this host, otherwise use a fixed route
        # so the redirect cannot be pointed at an arbitrary site.
        target = request.referer
        if is_safe_url(target, host=request.host):
            return HTTPSeeOther(target)
        return HTTPSeeOther(request.route_path("manage.account"))
Beispiel #3
 def default_response(self):
     """Return the base template context for the API-token views.

     The mapping holds the project names plus one ``CreateMacaroonForm``
     and one ``DeleteMacaroonForm``, neither of which is given any
     submitted data here.
     """
     context = {"project_names": self.project_names}
     # The create form is tied to the current user and to the project
     # names it receives.
     context["create_macaroon_form"] = CreateMacaroonForm(
         user_id=self.request.user.id,
         macaroon_service=self.macaroon_service,
         project_names=self.project_names,
     )
     # NOTE(review): the delete form gets only the macaroon service here;
     # presumably it is just rendered, not validated -- confirm with callers.
     context["delete_macaroon_form"] = DeleteMacaroonForm(
         macaroon_service=self.macaroon_service
     )
     return context